Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2020.1488 exiv2 security, bug fix, and enhancement update 29 April 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: exiv2 Publisher: Red Hat Operating System: Red Hat Impact/Access: Denial of Service -- Remote/Unauthenticated Access Confidential Data -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2019-20421 CVE-2019-13114 CVE-2019-13113 CVE-2019-13112 CVE-2019-13111 CVE-2019-13109 CVE-2019-9143 CVE-2018-20099 CVE-2018-20098 CVE-2018-20097 CVE-2018-20096 CVE-2018-19607 CVE-2018-19535 CVE-2018-19108 CVE-2018-19107 CVE-2018-18915 CVE-2018-17581 CVE-2018-17282 CVE-2018-17230 CVE-2018-17229 CVE-2018-14338 CVE-2018-11037 CVE-2018-10772 CVE-2018-9306 CVE-2018-9305 CVE-2018-9304 CVE-2018-9303 CVE-2018-4868 CVE-2017-18005 Reference: ESB-2020.1209 ESB-2020.1203 ESB-2020.0433 ESB-2019.3003 Original Bulletin: https://access.redhat.com/errata/RHSA-2020:1577 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: exiv2 security, bug fix, and enhancement update Advisory ID: RHSA-2020:1577-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:1577 Issue date: 2020-04-28 CVE Names: CVE-2017-18005 CVE-2018-4868 CVE-2018-9303 CVE-2018-9304 CVE-2018-9305 CVE-2018-9306 CVE-2018-10772 CVE-2018-11037 CVE-2018-14338 CVE-2018-17229 CVE-2018-17230 CVE-2018-17282 CVE-2018-17581 CVE-2018-18915 CVE-2018-19107 CVE-2018-19108 CVE-2018-19535 CVE-2018-19607 CVE-2018-20096 CVE-2018-20097 CVE-2018-20098 CVE-2018-20099 CVE-2019-9143 CVE-2019-13109 CVE-2019-13111 CVE-2019-13112 CVE-2019-13113 CVE-2019-13114 CVE-2019-20421 ===================================================================== 1. Summary: An update for exiv2, gegl, gnome-color-manager, and libgexiv2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, LPTC, and JPEG comments. The following packages have been upgraded to a later upstream version: exiv2 (0.27.2). (BZ#1651917) Security Fix(es): * exiv2: infinite loop and hang in Jp2Image::readMetadata() in jp2image.cpp could lead to DoS (CVE-2019-20421) * exiv2: null pointer dereference in the Exiv2::DataValue::toLong function in value.cpp (CVE-2017-18005) * exiv2: Excessive memory allocation in Exiv2::Jp2Image::readMetadata function in jp2image.cpp (CVE-2018-4868) * exiv2: assertion failure in BigTiffImage::readData in bigtiffimage.cpp (CVE-2018-9303) * exiv2: divide by zero in BigTiffImage::printIFD in bigtiffimage.cpp (CVE-2018-9304) * exiv2: out of bounds read in IptcData::printStructure in iptc.c (CVE-2018-9305) * exiv2: OOB read in pngimage.cpp:tEXtToDataBuf() allows for crash via crafted file (CVE-2018-10772) * exiv2: information leak via a crafted file (CVE-2018-11037) * exiv2: buffer overflow in samples/geotag.cpp (CVE-2018-14338) * exiv2: heap-based buffer overflow in Exiv2::d2Data in types.cpp (CVE-2018-17229) * exiv2: heap-based buffer overflow in Exiv2::ul2Data in types.cpp (CVE-2018-17230) * exiv2: NULL pointer dereference in Exiv2::DataValue::copy in value.cpp leading to application crash (CVE-2018-17282) * exiv2: Stack overflow in CiffDirectory::readDirectory() at crwimage_int.cpp leading to denial of service (CVE-2018-17581) * exiv2: infinite loop in Exiv2::Image::printIFDStructure function in image.cpp (CVE-2018-18915) * exiv2: heap-based buffer over-read in Exiv2::IptcParser::decode in iptc.cpp (CVE-2018-19107) * exiv2: infinite loop in Exiv2::PsdImage::readMetadata in psdimage.cpp (CVE-2018-19108) * exiv2: heap-based buffer over-read in PngChunk::readRawProfile in pngchunk_int.cpp (CVE-2018-19535) * exiv2: NULL pointer dereference in Exiv2::isoSpeed in easyaccess.cpp (CVE-2018-19607) * exiv2: Heap-based buffer over-read in Exiv2::tEXtToDataBuf function resulting in a denial of service (CVE-2018-20096) * exiv2: Segmentation fault in Exiv2::Internal::TiffParserWorker::findPrimaryGroups function (CVE-2018-20097) * exiv2: Heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service (CVE-2018-20098) * exiv2: Infinite loop in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service (CVE-2018-20099) * exiv2: infinite recursion in Exiv2::Image::printTiffStructure in file image.cpp resulting in denial of service (CVE-2019-9143) * exiv2: denial of service in PngImage::readMetadata (CVE-2019-13109) * exiv2: integer overflow in WebPImage::decodeChunks leads to denial of service (CVE-2019-13111) * exiv2: uncontrolled memory allocation in PngChunk::parseChunkContent causing denial of service (CVE-2019-13112) * exiv2: invalid data location in CRW image file causing denial of service (CVE-2019-13113) * exiv2: null-pointer dereference in http.c causing denial of service (CVE-2019-13114) * exiv2: out of bounds read in IptcData::printStructure in iptc.c (CVE-2018-9306) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1531171 - CVE-2017-18005 exiv2: null pointer dereference in the Exiv2::DataValue::toLong function in value.cpp 1531724 - CVE-2018-4868 exiv2: Excessive memory allocation in Exiv2::Jp2Image::readMetadata function in jp2image.cpp 1566725 - CVE-2018-9303 exiv2: assertion failure in BigTiffImage::readData in bigtiffimage.cpp 1566731 - CVE-2018-9304 exiv2: divide by zero in BigTiffImage::printIFD in bigtiffimage.cpp 1566735 - CVE-2018-9305 exiv2: out of bounds read in IptcData::printStructure in iptc.c 1566737 - CVE-2018-9306 exiv2: out of bounds read in IptcData::printStructure in iptc.c 1579544 - CVE-2018-11037 exiv2: information leak via a crafted file 1594627 - CVE-2018-10772 exiv2: OOB read in pngimage.cpp:tEXtToDataBuf() allows for crash via crafted file 1609396 - CVE-2018-14338 exiv2: buffer overflow in samples/geotag.cpp 1632481 - CVE-2018-17229 exiv2: heap-based buffer overflow in Exiv2::d2Data in types.cpp 1632484 - CVE-2018-17230 exiv2: heap-based buffer overflow in Exiv2::ul2Data in types.cpp 1632490 - CVE-2018-17282 exiv2: NULL pointer dereference in Exiv2::DataValue::copy in value.cpp leading to application crash 1635045 - CVE-2018-17581 exiv2: Stack overflow in CiffDirectory::readDirectory() at crwimage_int.cpp leading to denial of service 1646555 - CVE-2018-18915 exiv2: infinite loop in Exiv2::Image::printIFDStructure function in image.cpp 1649094 - CVE-2018-19107 exiv2: heap-based buffer over-read in Exiv2::IptcParser::decode in iptc.cpp 1649101 - CVE-2018-19108 exiv2: infinite loop in Exiv2::PsdImage::readMetadata in psdimage.cpp 1651917 - Rebase exiv2 to 0.27.2 1656187 - CVE-2018-19535 exiv2: heap-based buffer over-read in PngChunk::readRawProfile in pngchunk_int.cpp 1656195 - CVE-2018-19607 exiv2: NULL pointer dereference in Exiv2::isoSpeed in easyaccess.cpp 1660423 - CVE-2018-20096 exiv2: Heap-based buffer over-read in Exiv2::tEXtToDataBuf function resulting in a denial of service 1660424 - CVE-2018-20097 exiv2: Segmentation fault in Exiv2::Internal::TiffParserWorker::findPrimaryGroups function 1660425 - CVE-2018-20098 exiv2: Heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service 1660426 - CVE-2018-20099 exiv2: Infinite loop in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service 1684381 - CVE-2019-9143 exiv2: infinite recursion in Exiv2::Image::printTiffStructure in file image.cpp resulting in denial of service 1728484 - CVE-2019-13109 exiv2: denial of service in PngImage::readMetadata 1728488 - CVE-2019-13111 exiv2: integer overflow in WebPImage::decodeChunks leads to denial of service 1728490 - CVE-2019-13112 exiv2: uncontrolled memory allocation in PngChunk::parseChunkContent causing denial of service 1728492 - CVE-2019-13113 exiv2: invalid data location in CRW image file causing denial of service 1728494 - CVE-2019-13114 exiv2: null-pointer dereference in http.c causing denial of service 1757444 - Rebuild against exiv2-0.27.2 1757445 - Rebuild against exiv2-0.27.2 1767748 - rebuild gegl against new exiv2 1800472 - CVE-2019-20421 exiv2: infinite loop and hang in Jp2Image::readMetadata() in jp2image.cpp could lead to DoS 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: exiv2-0.27.2-5.el8.src.rpm gegl-0.2.0-39.el8.src.rpm gnome-color-manager-3.28.0-3.el8.src.rpm libgexiv2-0.10.8-4.el8.src.rpm aarch64: exiv2-0.27.2-5.el8.aarch64.rpm exiv2-debuginfo-0.27.2-5.el8.aarch64.rpm exiv2-debugsource-0.27.2-5.el8.aarch64.rpm exiv2-libs-0.27.2-5.el8.aarch64.rpm exiv2-libs-debuginfo-0.27.2-5.el8.aarch64.rpm gegl-0.2.0-39.el8.aarch64.rpm gegl-debuginfo-0.2.0-39.el8.aarch64.rpm gegl-debugsource-0.2.0-39.el8.aarch64.rpm libgexiv2-0.10.8-4.el8.aarch64.rpm libgexiv2-debuginfo-0.10.8-4.el8.aarch64.rpm libgexiv2-debugsource-0.10.8-4.el8.aarch64.rpm ppc64le: exiv2-0.27.2-5.el8.ppc64le.rpm exiv2-debuginfo-0.27.2-5.el8.ppc64le.rpm exiv2-debugsource-0.27.2-5.el8.ppc64le.rpm exiv2-libs-0.27.2-5.el8.ppc64le.rpm exiv2-libs-debuginfo-0.27.2-5.el8.ppc64le.rpm gegl-0.2.0-39.el8.ppc64le.rpm gegl-debuginfo-0.2.0-39.el8.ppc64le.rpm gegl-debugsource-0.2.0-39.el8.ppc64le.rpm gnome-color-manager-3.28.0-3.el8.ppc64le.rpm gnome-color-manager-debuginfo-3.28.0-3.el8.ppc64le.rpm gnome-color-manager-debugsource-3.28.0-3.el8.ppc64le.rpm libgexiv2-0.10.8-4.el8.ppc64le.rpm libgexiv2-debuginfo-0.10.8-4.el8.ppc64le.rpm libgexiv2-debugsource-0.10.8-4.el8.ppc64le.rpm s390x: gegl-0.2.0-39.el8.s390x.rpm gegl-debuginfo-0.2.0-39.el8.s390x.rpm gegl-debugsource-0.2.0-39.el8.s390x.rpm x86_64: exiv2-0.27.2-5.el8.x86_64.rpm exiv2-debuginfo-0.27.2-5.el8.i686.rpm exiv2-debuginfo-0.27.2-5.el8.x86_64.rpm exiv2-debugsource-0.27.2-5.el8.i686.rpm exiv2-debugsource-0.27.2-5.el8.x86_64.rpm exiv2-libs-0.27.2-5.el8.i686.rpm exiv2-libs-0.27.2-5.el8.x86_64.rpm exiv2-libs-debuginfo-0.27.2-5.el8.i686.rpm exiv2-libs-debuginfo-0.27.2-5.el8.x86_64.rpm gegl-0.2.0-39.el8.i686.rpm gegl-0.2.0-39.el8.x86_64.rpm gegl-debuginfo-0.2.0-39.el8.i686.rpm gegl-debuginfo-0.2.0-39.el8.x86_64.rpm gegl-debugsource-0.2.0-39.el8.i686.rpm gegl-debugsource-0.2.0-39.el8.x86_64.rpm gnome-color-manager-3.28.0-3.el8.x86_64.rpm gnome-color-manager-debuginfo-3.28.0-3.el8.x86_64.rpm gnome-color-manager-debugsource-3.28.0-3.el8.x86_64.rpm libgexiv2-0.10.8-4.el8.i686.rpm libgexiv2-0.10.8-4.el8.x86_64.rpm libgexiv2-debuginfo-0.10.8-4.el8.i686.rpm libgexiv2-debuginfo-0.10.8-4.el8.x86_64.rpm libgexiv2-debugsource-0.10.8-4.el8.i686.rpm libgexiv2-debugsource-0.10.8-4.el8.x86_64.rpm Red Hat CodeReady Linux Builder (v. 8): Source: exiv2-0.27.2-5.el8.src.rpm libgexiv2-0.10.8-4.el8.src.rpm aarch64: exiv2-debuginfo-0.27.2-5.el8.aarch64.rpm exiv2-debugsource-0.27.2-5.el8.aarch64.rpm exiv2-devel-0.27.2-5.el8.aarch64.rpm exiv2-libs-debuginfo-0.27.2-5.el8.aarch64.rpm libgexiv2-debuginfo-0.10.8-4.el8.aarch64.rpm libgexiv2-debugsource-0.10.8-4.el8.aarch64.rpm libgexiv2-devel-0.10.8-4.el8.aarch64.rpm noarch: exiv2-doc-0.27.2-5.el8.noarch.rpm ppc64le: exiv2-debuginfo-0.27.2-5.el8.ppc64le.rpm exiv2-debugsource-0.27.2-5.el8.ppc64le.rpm exiv2-devel-0.27.2-5.el8.ppc64le.rpm exiv2-libs-debuginfo-0.27.2-5.el8.ppc64le.rpm libgexiv2-debuginfo-0.10.8-4.el8.ppc64le.rpm libgexiv2-debugsource-0.10.8-4.el8.ppc64le.rpm libgexiv2-devel-0.10.8-4.el8.ppc64le.rpm s390x: exiv2-0.27.2-5.el8.s390x.rpm exiv2-debuginfo-0.27.2-5.el8.s390x.rpm exiv2-debugsource-0.27.2-5.el8.s390x.rpm exiv2-devel-0.27.2-5.el8.s390x.rpm exiv2-libs-0.27.2-5.el8.s390x.rpm exiv2-libs-debuginfo-0.27.2-5.el8.s390x.rpm libgexiv2-0.10.8-4.el8.s390x.rpm libgexiv2-debuginfo-0.10.8-4.el8.s390x.rpm libgexiv2-debugsource-0.10.8-4.el8.s390x.rpm libgexiv2-devel-0.10.8-4.el8.s390x.rpm x86_64: exiv2-debuginfo-0.27.2-5.el8.i686.rpm exiv2-debuginfo-0.27.2-5.el8.x86_64.rpm exiv2-debugsource-0.27.2-5.el8.i686.rpm exiv2-debugsource-0.27.2-5.el8.x86_64.rpm exiv2-devel-0.27.2-5.el8.i686.rpm exiv2-devel-0.27.2-5.el8.x86_64.rpm exiv2-libs-debuginfo-0.27.2-5.el8.i686.rpm exiv2-libs-debuginfo-0.27.2-5.el8.x86_64.rpm libgexiv2-debuginfo-0.10.8-4.el8.i686.rpm libgexiv2-debuginfo-0.10.8-4.el8.x86_64.rpm libgexiv2-debugsource-0.10.8-4.el8.i686.rpm libgexiv2-debugsource-0.10.8-4.el8.x86_64.rpm libgexiv2-devel-0.10.8-4.el8.i686.rpm libgexiv2-devel-0.10.8-4.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-18005 https://access.redhat.com/security/cve/CVE-2018-4868 https://access.redhat.com/security/cve/CVE-2018-9303 https://access.redhat.com/security/cve/CVE-2018-9304 https://access.redhat.com/security/cve/CVE-2018-9305 https://access.redhat.com/security/cve/CVE-2018-9306 https://access.redhat.com/security/cve/CVE-2018-10772 https://access.redhat.com/security/cve/CVE-2018-11037 https://access.redhat.com/security/cve/CVE-2018-14338 https://access.redhat.com/security/cve/CVE-2018-17229 https://access.redhat.com/security/cve/CVE-2018-17230 https://access.redhat.com/security/cve/CVE-2018-17282 https://access.redhat.com/security/cve/CVE-2018-17581 https://access.redhat.com/security/cve/CVE-2018-18915 https://access.redhat.com/security/cve/CVE-2018-19107 https://access.redhat.com/security/cve/CVE-2018-19108 https://access.redhat.com/security/cve/CVE-2018-19535 https://access.redhat.com/security/cve/CVE-2018-19607 https://access.redhat.com/security/cve/CVE-2018-20096 https://access.redhat.com/security/cve/CVE-2018-20097 https://access.redhat.com/security/cve/CVE-2018-20098 https://access.redhat.com/security/cve/CVE-2018-20099 https://access.redhat.com/security/cve/CVE-2019-9143 https://access.redhat.com/security/cve/CVE-2019-13109 https://access.redhat.com/security/cve/CVE-2019-13111 https://access.redhat.com/security/cve/CVE-2019-13112 https://access.redhat.com/security/cve/CVE-2019-13113 https://access.redhat.com/security/cve/CVE-2019-13114 https://access.redhat.com/security/cve/CVE-2019-20421 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.2_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXqhVrdzjgjWX9erEAQhEshAAjydQ7MWvHPf96Bzo5YqL2h5BRGMLU7UI m1271qcbiAnNu42MAXPETuY/BEX4nz12nDACRDDeLnI2jHFtus3CSO8JEq0/nI31 54SwqHwAEa1AmRArR6PkV97bL+c+P2AO0Rg+L17WsrClAE/pfHDHHtGEosIUawtW 6Wfn0pAU4mXrDK/GodMRje/l+JvbP9GGQZfM5OQ9K1eMZ+JOZydnnubp5ZWUa4jp hh7Acbxs75HTf0ZzXGRKOWiEuv9yKfi/pjbokmtW3wGCH3v61Heyufb2JUsNqgj5 KRTHSRFUX3UqjcwOYbfh7MU68nyt2ZplgRFktqAcCu6Awm+/CdYwVJCi95ZhPrL1 xioPcXpiETgPRhdlbA4/lFLvy5J7ne5u5dlmn9y4ieNrbqrtwCbC9G+j4kPmdTsn 7MDr5HO/7Bt5W1zU6C+0ZxV0b8bu/MAIBdCWPvtoi5mkniLVgyhyuw9dtfvRTDtN lXr+JbIRmhZEXAvrAv2eTQTRag47BHC/2NhoqVpdtlRnMExZKwpNdUOGpzAwVdQB FaH7b4kdaeckmfPpeE1E9LHB8at/kXZw17IhbhmxzlRTwuLDDTAvagivuzYB01jL ASbvIZpGmj3haY4y/ti26DRX9mgnmNOiYyedd7F7JjMQbT0FQWZRthJXPKIZffW3 us2tKbcUTC4= =0UIZ - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXqkGIWaOgq3Tt24GAQi7ghAAmEWQtcX2XKSdBoCI5cKnweb48NWikRbS dH6rcO9371xCxCKGRPaGIS9w3m3wK7vSMQFHemgp7107CnlCy8we9yeZrd2pFrJt 9pyHRVm0YlX+1y4SK2awGzZXIv4dyJNPKDPUZe68R17u6CKVAEz5Q+2IEPy21yVw s7N5U2tJsDsPAeAytJM7TDF6edLdPQ0yLqtJGkxhENT7isF9/bavk1DxxtpD638c Y5nwME15EKcxJnHEYDy5BVbrS8ZDfTKbOTHxwOkNHYMKerfXnNGV1lIf/I3YfDMI o8TFJ97M2yma2MHDhk6CwLoVxIels5qCH5io5m6Sa9t5lpCQEYsNc57I7XfXKzXD bP61m4lPacaXe8R2z1GRTzIkUis117lWeR1zlxUL8Cy0AkjotfbOmsO1RyCLbJ6i 4AHNvm7T72z9pCZxxnoBCE4LWHr7VgbdmYnNO8A9r1gcert3jicONPhuM5F1v1e/ axNwQtZxY5IyAjdDeftc9GmtJV9Wm7BMXQXJ36hscsflRx5ucXqAq11r+gZ5xwkF Drmu+OKhG9S2TDrRrhxQ4bArr2a8ownupCTRgrYM/6p6Mbpc12xXnEvU8wrrjVvH xj8/qLfN0d5UexY/bFRYe3tHF2JQJE6tU5WN6RCqmDnrU5KLL0heWmnOdUwrH0/X +P7r2yYGf2I= =B1kO -----END PGP SIGNATURE-----